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CLAIMS 

What is claimed is: 

11. A method for bootstrapping a secure communications channel between 

2 devices, comprising: 

3 generating a key via a first device; 

4 establishing a short range communication channel between the first device 

5 and a second device; 

6 sending a copy of the key from the first device to the second device via the 

7 short range communication channel to produce a shared key that is shared by both 

8 the first and second devices; 

9 establishing a secure communication channel between the first and second 

10 devices using an encrypted communication protocol that implements an encryption 

1 1 scheme based on a common encryption key derived from the shared key, said 

12 secure communication channel being separate and apart from the short range 

13 communication channel. 

1 2. The method of claim 1 , further comprising sending identity information used 

2 to identify the first device from the first device to the second device, wherein the 

3 identity information is used to establish the secure communication channel. 

1 3. The method of claim 1 , further comprising disabling the short range 

2 communication channel after the copy of the key has been sent from the first device 

3 to the second device. 
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1 4. The method of claim 1 , wherein the shared key comprises a cryptographically 

2 secure pseudo-random number. 

1 5. The method of claim 1 , wherein each of the first and second devices include 

2 an authenticated key agreement algorithm software component that is used to 

3 cooperatively generate the common encryption key. 

1 6. The method of claim 1 , wherein the short range communication channel 

2 comprises a transponder/transponder reader pair and wherein the transponder is 

3 operatively coupled to the first device and the transponder reader is operatively 

4 coupled to the second device. 

1 7. The method of claim 6, wherein the transponder reader is coupled to an 

2 antenna that radiates radio frequency (RF) energy that is used to energize the 

3 transponder, further comprising waving the transponder in front of or placing the 

4 transponder in proximity to the transponder reader to energize the transponder and 

5 cause the transponder to transmit data pertaining to the key to enable the data to be 

6 read by the transponder reader via the antenna. 

1 8. The method of claim 1 , wherein the common cryptographic key is the shared 

2 key. 

1 9. The method of claim 1 , further comprising performing a peer-to-peer 

2 authentication using symmetric authenticated key agreement algorithms running on 

3 both devices and the shared key. 
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1 1 0. The method of claim 9, wherein the peer-to-peer authentication is 

2 implemented by performing the operations of: 

3 storing credentials data including at least the shared key on both the first and 

4 second devices; 

5 generating a first random string with the first device and passing the first 

6 random string to the second device; 

7 generating a first digital signature corresponding to the first random string 

8 with the first device using an encryption key derived from the credentials data stored 

9 on the first device and a symmetric authenticated key agreement algorithm running 

10 on the first device; 

1 1 generating a second digital signature corresponding to the first random string 

12 with the second device using an encryption key derived from the credentials data 

13 stored on the second device and a symmetric authenticated key agreement 

14 algorithm running on the second device; 

15 comparing the first and second digital signatures to see if they match; and 

16 authenticating the second device with the first device if there is a match. 

1 11. The method of claim 1 0, wherein the peer-to-peer authentication further 

2 comprises performing the operation of: 

3 generating a second random string with the second device and passing the 

4 second random string to the first device; 

5 generating a third digital signature corresponding to the second random string 

6 with the second device using an encryption key derived from the credentials data 

7 stored on the second device and a symmetric authenticated key agreement 

8 algorithm running on the second device; 
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9 generating a fourth digital signature corresponding to the second random 

10 string with the first device using an encryption key derived from the credentials data 

1 1 stored on the first device and a symmetric authenticated key agreement algorithm 

12 running on the first device; 

13 comparing the third and fourth digital signatures to see if they match; and 

14 authenticating the first device with the second device if there is a match. 

1 12. A method for bootstrapping a secure communications channel between 

2 devices, comprising: 

D 3 generating a key via a first device; 

o 

O 4 activating a transponder reader in a second device; 

ig 5 transmitting data corresponding to a copy of the key from a transponder 

in 6 operatively coupled to the first device to the transponder reader; 

j\ 7 storing the copy of the key in the second device to produce a shared key that 

Jf 8 is shared by both the first and second devices; 

^ 9 establishing a secure communication channel between the first and second 

HMO devices using an encrypted communication protocol that implements an encryption 

1 1 scheme based on a common encryption key derived from the shared key. 

1 1 3. The method of claim 1 2, further comprising disabling at least one of the 

2 transponder and transponder reader after the copy of the key has been sent from 

3 the first device to the second device. 

1 14. The method of claim 12, wherein the transponder reader is coupled to an 

2 antenna that radiates radio frequency (RF) energy that is used to energize the 

3 transponder, further comprising waving the transponder in front of or placing the 
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4 transponder in proximity to the transponder reader to energize the transponder and 

5 cause the transponder to transmit a signal containing the data corresponding to the 

6 copy of the key to enable the data to be read by the transponder reader via the 

7 antenna. 

1 15. The method of claim 14, wherein the transponder reader further transmits 

2 data via the antenna requesting the transponder to send data to the transponder 

3 reader and the transponder sends the data corresponding to the copy of the key in 

4 response to receiving the request. 

1 16. The method of claim 12, wherein the transponder comprises a transceiver 

2 that sends and receives data using a 13.56 MHz radio frequency signal. 



1 17. A device comprising: 

2 a processor; 

3 a transceiver to receive and send data via radio frequency RF signals; 

4 a key generator operatively coupled to the transceiver and the processor; 

5 a communication interface to send and receive data from an external device 

6 via a communication link; and 

7 a memory coupled to the processor in which a plurality of machine 

8 instructions including an authenticated key agreement algorithm module are stored 

9 that when executed by the processor performs the operations of: 

10 invoking the key generator to generate a key; 

1 1 passing a copy of the key to the transceiver; 

12 enabling the transceiver to send a copy of the key to the external device via a 

13 first RF signal to share the key between the device and the external device; and 
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14 establishing a secure communication channel with the second device over 

15 the communication link that uses a cryptographic key that is generated through 

16 execution of the authenticated key agreement algorithm module in cooperative 

17 interaction with a symmetrical key agreement algorithm operating on the external 

18 device and is based on the key that is shared between the device and the external 

19 device. 



1 1 8. The device of claim 1 7, wherein the transceiver comprises a transponder that 

2 transmits the first RF signal containing data corresponding to the copy of the key in 
M 3 response to receiving a second RF signal containing a data request from the 

Q 

p 4 external device. 

Jl 19. The device of claim 1 8, wherein the transponder is energized to transmit the 

~J 2 first RF signal by receiving RF energy via the second RF signal sent by the external 

f! 3 device. 

p 1 20. The device of claim 1 7, further comprising a user interface control, coupled 

2 to the processor, to receive a user request to establish a secure communication 

3 channel between the device and the external device. 



1 21 . The device of claim 1 7, further comprising a persistent memory device in 

2 which a device identifier is stored, and wherein execution of the machine 

3 instructions by the processor further performs the operation of sending data 

4 corresponding to the device identifier to the external device via the first RF signal. 



1 22. A device comprising: 
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2 a processor; 

3 a transceiver to receive and send data via radio frequency (RF) signals; 

4 a communication interface to send data to and receive data from an external 

5 device via a communication link; and 

6 a memory coupled to the processor in which a plurality of machine 

7 instructions including an authenticated key agreement algorithm module are stored 

8 that when executed by the processor performs the operations of: 

9 controlling the transceiver to enable the transceiver to receive a copy of a 

10 shared key from the external device via a first RF signal; and 

1 1 establishing a secure communication channel with the external device over 



12 the communication link, wherein the secure communication channel uses a 

13 cryptographic key that is generated through execution of the authenticated key 

14 agreement algorithm module through cooperative interaction with a symmetrical key 

15 agreement algorithm operating on the external device and is based on the shared 

1 6 key. 

1 23. The device of claim 22 wherein the transceiver comprises a transponder 

2 reader to receive an RF signal generated by a compatible transponder that is 

3 operatively coupled to the external device. 

1 24. The device of claim 23, further comprising an antenna coupled to the 

2 transponder reader and driven by the transponder reader to generate an RF signal 

3 including RF energy that is received by the compatible transponder to energize the 

4 compatible transponder. 



20 



Attorney Docket: P042390.P12264 

1 25. The device of claim 22, further comprising a user interface control, coupled 

2 to the processor, to receive a user request to establish a secure communication 

3 channel between the device and the external device. 

1 
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